Disir
Platinum Member
- Sep 30, 2011
- 28,003
- 9,610
Just three short months ago, security researcher Marcus Hutchins entered the pantheon of hacker heroes for stopping the WannaCry ransomware attack that ripped through the internet and paralyzed hundreds of thousands of computers. Now he's been arrested and charged with involvement in another mass hacking scheme—this time on the wrong side.
Yesterday authorities detained 22-year-old Hutchins after the Defcon hacker conference in Las Vegas as he attempted to fly home to the UK, where he works as a researcher for the security firm Kryptos Logic. Upon his arrest, the Department of Justice unsealed an indictment against Hutchins, charging that he created the Kronos banking trojan, a widespread piece of malware used to steal banking credentials for fraud. He's accused of intentionally creating that banking malware for criminal use, as well as being part of a conspiracy to sell it for $3,000 between 2014 and 2015 on cybercrime market sites such as the now-defunct AlphaBay dark web market.
But the short, eight-page indictment against Hutchins, a rising star in the hacker world, has already raised questions and skepticism in both legal and cybersecurity circles. Orin Kerr, a law professor at George Washington University who has written extensively about cybersecurity and hacking cases, says that based on the indictment alone, the charges look like "a stretch." Although the indictment claims Hutchins wrote the Kronos malware, nothing in the document illustrates that Hutchins possessed actual intent for the malware he allegedly created to be used in the criminal "conspiracy" he's accused of."It’s not a crime to create malware. It’s not a crime to sell malware. It’s a crime to sell malware with the intent to further someone else’s crime." Kerr says. "This story alone doesn’t really fit. There's got to be more to it, or it’s going to run into legal problems."
Hacker Who Stopped WannaCry Charged With Writing Banking Malware
Here is the indictment for those who won't read the rest of the article.
MalwareTechBlog Indictment
Yesterday authorities detained 22-year-old Hutchins after the Defcon hacker conference in Las Vegas as he attempted to fly home to the UK, where he works as a researcher for the security firm Kryptos Logic. Upon his arrest, the Department of Justice unsealed an indictment against Hutchins, charging that he created the Kronos banking trojan, a widespread piece of malware used to steal banking credentials for fraud. He's accused of intentionally creating that banking malware for criminal use, as well as being part of a conspiracy to sell it for $3,000 between 2014 and 2015 on cybercrime market sites such as the now-defunct AlphaBay dark web market.
But the short, eight-page indictment against Hutchins, a rising star in the hacker world, has already raised questions and skepticism in both legal and cybersecurity circles. Orin Kerr, a law professor at George Washington University who has written extensively about cybersecurity and hacking cases, says that based on the indictment alone, the charges look like "a stretch." Although the indictment claims Hutchins wrote the Kronos malware, nothing in the document illustrates that Hutchins possessed actual intent for the malware he allegedly created to be used in the criminal "conspiracy" he's accused of."It’s not a crime to create malware. It’s not a crime to sell malware. It’s a crime to sell malware with the intent to further someone else’s crime." Kerr says. "This story alone doesn’t really fit. There's got to be more to it, or it’s going to run into legal problems."
Hacker Who Stopped WannaCry Charged With Writing Banking Malware
Here is the indictment for those who won't read the rest of the article.
MalwareTechBlog Indictment